The subject matter disclosed herein generally relates to secure authorization tokens and, more particularly, to anonymous and ephemeral tokens for authenticating elevator hall calls.
Elevators can be controlled using a mobile device. The mobile device can be first loaded with any required application software. Using that application, a user can generate and send an elevator hall call message to the elevator control server. If the received elevator hall call message is authenticated, the elevator hall call will be processed and sent to an elevator controller. The elevator controller then calls an elevator car in response to receiving the authenticated elevator hall call message.
However, current implementations for processing in a secured manner are more vulnerable to attacks by one or more rogue agents, which are also sometimes called hackers. For example, in order to securely issue elevator hall calls remotely via a smartphone application, the current solutions propose the use of building specific sharable passcodes. Users will authenticate with the backend system that includes the elevator control system using these passcodes. However, these passcodes are meant to be easily shared between users and may therefore be used by a hacker to overload the system with hall calls in what is known as a denial of service attack. One proposed solution to these attacks is implementing intrusion detection of such an attack. However such intrusion detection requires storing user and/or device identification information leading to privacy issues. Accordingly, there exists a need for an anonymous authentication that may help address attacks by hackers.